66 matches found
EUVD-2025-204849
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs...
GHSA-C67J-W6G6-Q2CM LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Summary A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...
EUVD-2025-203255
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...
CVE-2025-36753
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...
PT-2025-51102
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...
EUVD-2024-2456
Malicious code in bioql PyPI...
EUVD-2022-2441
Malicious code in bioql PyPI...
EUVD-2022-4348
Malicious code in bioql PyPI...
EUVD-2022-5740
Malicious code in bioql PyPI...
EUVD-2022-2747
Malicious code in bioql PyPI...
EUVD-2022-4804
Malicious code in bioql PyPI...
EUVD-2023-0515
Malicious code in bioql PyPI...
EUVD-2022-1574
Malicious code in bioql PyPI...
CVE-2023-24429
Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses externa...
CVE-2021-23207
An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating user...
CVE-2019-10466
An XML external entities XXE vulnerability in Jenkins 360 FireLine Plugin allows attackers with Overall/Read access to have Jenkins resolve external entities, resulting in the extraction of secrets from the Jenkins agent, server-side request forgery, or denial-of-service attacks...
CVE-2019-10327
An XML external entities XXE vulnerability in Jenkins Pipeline Maven Integration Plugin 1.7.0 and earlier allowed attackers able to control a temporary directory's content on the agent running the Maven build to have Jenkins parse a maliciously crafted XML file that uses external entities for...
Chypnosis: Stealthy Secret Extraction Using Undervolting-Based Static Side-Channel Attacks
There is a growing class of static physical side-channel attacks that allow adversaries to extract secrets by probing the persistent state of a circuit. Techniques such as laser logic state imaging LLSI, impedance analysis IA, and static power analysis fall into this category. These attacks requi...
GHSA-R8GC-QC2C-C7VH Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
Description: The secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`
Description: The secureredundantexecution function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function multiple times and comparing results. However, several critical weaknesses exist: 1. Python's execution environment cannot guarantee true isolation between...